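<?php
// Bootstrap for the login page. Shared configuration ($tablepre, the mysql_*
// link) and helpers (showmsg) are pulled in from the parent directory; the
// session used below is assumed to be started by one of them — TODO confirm.
// The full '<?php' tag is used so the file does not depend on short_open_tag.
require_once '../config.inc.php';
require_once '../function.php';

// Declare the response encoding before any markup is emitted.
header("Content-type: text/html; charset=utf-8");
?>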
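<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<!-- Page title: corrected from the "Sing in" typo. -->
<title>Sign in</title>
<link href="../images/style.css" rel="stylesheet" type="text/css" />
</head>
<body class="login_bg">

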
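<?php
// Login controller. Dispatches on ?action=:
//   logout -> drop the authenticated state kept in the session
//   login  -> validate the posted credentials (CAPTCHA is only demanded
//             after a previous failure has set $_SESSION['iserror'] = 1)
//   other  -> forward an already logged-in user to ../view.php, otherwise
//             fall through to the form rendered below
// $tablepre, the mysql_* link and showmsg() come from the included files.
// showmsg() is treated as ending the request when called with 'return' (the
// original flow relied on that as well) — its body is not visible here.
// hash_equals() needs PHP >= 5.6, the last series that still ships ext/mysql.

// Read request/session values once, without undefined-index notices.
$action   = isset($_GET['action'])       ? (string) $_GET['action']     : '';
$username = isset($_POST['username'])    ? (string) $_POST['username']  : '';
$password = isset($_POST['password'])    ? (string) $_POST['password']  : '';
$code     = isset($_POST['code'])        ? (string) $_POST['code']      : '';
$sessCode = isset($_SESSION['code'])     ? (string) $_SESSION['code']   : '';
$iserror  = isset($_SESSION['iserror'])  ? (int) $_SESSION['iserror']   : 0;
$lasttime = isset($_SESSION['lasttime']) ? (int) $_SESSION['lasttime']  : 0;

if ($action === 'logout') {
    // Clear every field that marks the session as authenticated, not only the
    // username, so no privilege data lingers into the next login.
    $_SESSION['username'] = '';
    unset($_SESSION['password'], $_SESSION['adminid'], $_SESSION['uid']);
    showmsg('成功退出！', '成功退出', 'return', '返回');

} elseif ($action === 'login') {
    if ($iserror === 0) {
        // First attempt: no CAPTCHA is asked for, so the expected value is
        // substituted and the check further down passes.
        $code = $sessCode;
    }
    if (empty($_SESSION['username'])) {
        if (empty($username)) {
            showmsg('登录失败，请输入用户名！', '登录失败', 'return', '返回');
        }
        if (empty($password)) {
            showmsg('登录失败，请输入密码！', '登录失败', 'return', '返回');
        }
        if (empty($code)) {
            showmsg('登录失败，请输入验证码！', '登录失败', 'return', '返回');
        }
        // Per-session throttle: one attempt per 5 seconds. It only slows a
        // client that keeps its session cookie; it is not an account lockout.
        $_SESSION['lasttime'] = time();
        if (time() - $lasttime < 5) {
            showmsg('登录失败，请稍后尝试！', '登录失败', 'return', '返回');
        }

        if (!empty($username) && !empty($password)) {
            // The username comes straight from the request and is placed into a
            // string-built query; ext/mysql has no parameter binding, so escape
            // it with the driver's own function (uses the link opened on include).
            $safeUser = mysql_real_escape_string($username);
            $sql      = "SELECT * FROM {$tablepre}user WHERE username = '{$safeUser}'";
            $result   = mysql_query($sql);
            $users    = $result ? mysql_fetch_array($result) : false;
            $storedHash = ($users && isset($users['password'])) ? (string) $users['password'] : '';

            // Legacy scheme: the table holds unsalted md5 hashes, so the posted
            // password is hashed the same way. hash_equals() replaces the loose
            // == on hash strings (numeric-string juggling) and does not leak
            // timing. Moving to password_hash()/password_verify() requires a
            // column migration and is out of scope for this page.
            if ($storedHash !== '' && hash_equals($storedHash, md5($password))) {
                if ($sessCode !== '' && hash_equals($sessCode, $code)) {
                    // New session id on the privilege change (session fixation).
                    session_regenerate_id(true);
                    $_SESSION['username'] = $username;
                    $_SESSION['password'] = md5($password); // kept: other pages may read it
                    $_SESSION['adminid']  = $users['adminid'];
                    $_SESSION['uid']      = $users['uid'];
                    $_SESSION['iserror']  = 0;
                    showmsg('成功登录！', '成功登录', '../view.php', '返回');
                } else {
                    // The expected CAPTCHA value is never echoed back to the client.
                    $_SESSION['lasttime'] = time();
                    showmsg('登录失败，验证码不对！', '登录失败', 'return', '返回');
                }
            } else {
                // Same message for an unknown user and a wrong password; from now
                // on the CAPTCHA is required.
                $_SESSION['lasttime'] = time();
                $_SESSION['iserror']  = 1;
                showmsg('登录失败，用户名或密码错误！', '登录失败', 'return', '返回');
            }
        }
    } else {
        // Already authenticated: go straight to the application.
        showmsg('成功登录！', '成功登录', '../view.php', '进入');
    }
} else {
    // No recognised action: forward a logged-in user, otherwise show the form.
    if (!empty($_SESSION['username'])) {
        showmsg('成功登录！', '成功登录', '../view.php', '进入');
    }
}
?>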


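<div class="login"  style="">
  <div class="title">
	用户登录：
  </div>
  <?php /* The controller dispatches on the ?action= query string, so the hidden
           "action" field below is not read by this page; it is kept as-is for
           whatever else may consume the post. */ ?>
  <form id="form1" name="form1" method="post" action="login.php?action=login">
    <input name="action" type="hidden" value="edit" />
    <?php /* $esites is not defined in this file (presumably from config.inc.php);
             guard against the undefined-variable notice and escape for the
             attribute context. */ ?>
    <input name="id" type="hidden" value="<?php echo isset($esites['id']) ? htmlspecialchars((string) $esites['id'], ENT_QUOTES, 'UTF-8') : ''; ?>" />
    <label>Username:</label>
    <input name="username" type="text" id="username" size="16" class="input_login" /><br />
    <label>Password:</label>
    <input name="password" type="password" id="password" size="16"  class="input_login" /><br />
    <?php /* The CAPTCHA field is shown only after a failed attempt (iserror = 1). */ ?>
    <?php if (isset($_SESSION['iserror']) && (int) $_SESSION['iserror'] === 1) { ?>
    <label>Validation:</label>
    <input name="code" type="text" id="code" size="4" maxlength="4" style="vertical-align:middle" />
    <img src="../sysimgcode/index.php" style="vertical-align:middle"/><br />
    <?php } else { ?>
    <?php /* Hidden request to the code generator so a session code exists for
             the first, CAPTCHA-less attempt — TODO confirm that is what it does. */ ?>
    <img src="../sysimgcode/index.php" style="display:none" />
    <?php } ?>
    <input type="submit" name="Submit" value="Sign in" id="login_submit"  />
  </form>
</div>
</body>
</html>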